CVE-2024-10580 – Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission
https://notcve.org/view.php?id=CVE-2024-10580
26 Nov 2024 — The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms. • https://plugins.trac.wordpress.org/browser/wordpress-popup/tags/7.8.5/inc/front/hustle-module-front-ajax.php#L251 • CWE-862: Missing Authorization
CVE-2024-10579 – Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure
https://notcve.org/view.php?id=CVE-2024-10579
25 Nov 2024 — The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms. • https://plugins.trac.wordpress.org/browser/wordpress-popup/tags/7.8.5/inc/hustle-modules-common-admin-ajax.php#L189 • CWE-862: Missing Authorization
CVE-2024-0368 – Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys
https://notcve.org/view.php?id=CVE-2024-0368
12 Mar 2024 — The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII. • https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api • CWE-522: Insufficiently Protected Credentials